From 8d4c157146b37c673bd393b1070dd588f51a3700 Mon Sep 17 00:00:00 2001
From: Vsevolod Stakhov <vsevolod@highsecure.ru>
Date: Tue, 2 Feb 2016 11:57:46 +0000
Subject: [PATCH] Reserve rspamd_sig_t for signatures

---
 src/libcryptobox/cryptobox.c | 20 ++++++++++----------
 src/libcryptobox/cryptobox.h | 17 ++++++++++-------
 test/rspamd_cryptobox_test.c |  4 ++--
 3 files changed, 22 insertions(+), 19 deletions(-)

diff --git a/src/libcryptobox/cryptobox.c b/src/libcryptobox/cryptobox.c
index 4b4cd4da1..5f0bb3b64 100644
--- a/src/libcryptobox/cryptobox.c
+++ b/src/libcryptobox/cryptobox.c
@@ -590,7 +590,7 @@ rspamd_cryptobox_encrypt_final (void *enc_ctx, guchar *out, gsize remain)
 }
 
 static gboolean
-rspamd_cryptobox_auth_final (void *auth_ctx, rspamd_sig_t sig)
+rspamd_cryptobox_auth_final (void *auth_ctx, rspamd_mac_t sig)
 {
 	if (G_LIKELY (!use_openssl)) {
 		poly1305_finish (auth_ctx, sig);
@@ -604,7 +604,7 @@ rspamd_cryptobox_auth_final (void *auth_ctx, rspamd_sig_t sig)
 		EVP_CIPHER_CTX *s = auth_ctx;
 
 		g_assert (EVP_CIPHER_CTX_ctrl (s, EVP_CTRL_GCM_GET_TAG,
-				sizeof (rspamd_sig_t), sig) == 1);
+				sizeof (rspamd_mac_t), sig) == 1);
 
 		return TRUE;
 #endif
@@ -757,10 +757,10 @@ rspamd_cryptobox_decrypt_final (void *enc_ctx, guchar *out, gsize remain)
 }
 
 static gboolean
-rspamd_cryptobox_auth_verify_final (void *auth_ctx, const rspamd_sig_t sig)
+rspamd_cryptobox_auth_verify_final (void *auth_ctx, const rspamd_mac_t sig)
 {
 	if (G_LIKELY (!use_openssl)) {
-		rspamd_sig_t mac;
+		rspamd_mac_t mac;
 
 		poly1305_finish (auth_ctx, mac);
 
@@ -808,7 +808,7 @@ rspamd_cryptobox_cleanup (void *enc_ctx, void *auth_ctx)
 void rspamd_cryptobox_encrypt_nm_inplace (guchar *data, gsize len,
 		const rspamd_nonce_t nonce,
 		const rspamd_nm_t nm,
-		rspamd_sig_t sig)
+		rspamd_mac_t sig)
 {
 	gsize r;
 	void *enc_ctx, *auth_ctx;
@@ -848,7 +848,7 @@ void
 rspamd_cryptobox_encryptv_nm_inplace (struct rspamd_cryptobox_segment *segments,
 		gsize cnt,
 		const rspamd_nonce_t nonce,
-		const rspamd_nm_t nm, rspamd_sig_t sig)
+		const rspamd_nm_t nm, rspamd_mac_t sig)
 {
 	struct rspamd_cryptobox_segment *cur = segments, *start_seg = segments;
 	guchar outbuf[CHACHA_BLOCKBYTES * 16];
@@ -949,7 +949,7 @@ rspamd_cryptobox_encryptv_nm_inplace (struct rspamd_cryptobox_segment *segments,
 
 gboolean
 rspamd_cryptobox_decrypt_nm_inplace (guchar *data, gsize len,
-		const rspamd_nonce_t nonce, const rspamd_nm_t nm, const rspamd_sig_t sig)
+		const rspamd_nonce_t nonce, const rspamd_nm_t nm, const rspamd_mac_t sig)
 {
 	gsize r = 0;
 	gboolean ret = TRUE;
@@ -979,7 +979,7 @@ rspamd_cryptobox_decrypt_nm_inplace (guchar *data, gsize len,
 gboolean
 rspamd_cryptobox_decrypt_inplace (guchar *data, gsize len,
 		const rspamd_nonce_t nonce,
-		const rspamd_pk_t pk, const rspamd_sk_t sk, const rspamd_sig_t sig)
+		const rspamd_pk_t pk, const rspamd_sk_t sk, const rspamd_mac_t sig)
 {
 	guchar nm[rspamd_cryptobox_MAX_NMBYTES];
 	gboolean ret;
@@ -995,7 +995,7 @@ rspamd_cryptobox_decrypt_inplace (guchar *data, gsize len,
 void
 rspamd_cryptobox_encrypt_inplace (guchar *data, gsize len,
 		const rspamd_nonce_t nonce,
-		const rspamd_pk_t pk, const rspamd_sk_t sk, rspamd_sig_t sig)
+		const rspamd_pk_t pk, const rspamd_sk_t sk, rspamd_mac_t sig)
 {
 	guchar nm[rspamd_cryptobox_MAX_NMBYTES];
 
@@ -1008,7 +1008,7 @@ void
 rspamd_cryptobox_encryptv_inplace (struct rspamd_cryptobox_segment *segments,
 		gsize cnt,
 		const rspamd_nonce_t nonce,
-		const rspamd_pk_t pk, const rspamd_sk_t sk, rspamd_sig_t sig)
+		const rspamd_pk_t pk, const rspamd_sk_t sk, rspamd_mac_t sig)
 {
 	guchar nm[rspamd_cryptobox_MAX_NMBYTES];
 
diff --git a/src/libcryptobox/cryptobox.h b/src/libcryptobox/cryptobox.h
index 4a3d1e1f7..8673fa091 100644
--- a/src/libcryptobox/cryptobox.h
+++ b/src/libcryptobox/cryptobox.h
@@ -39,6 +39,9 @@ struct rspamd_cryptobox_segment {
 #define rspamd_cryptobox_HASHBYTES 64
 #define rspamd_cryptobox_HASHKEYBYTES 64
 #define rspamd_cryptobox_HASHSTATEBYTES 256
+#define rspamd_cryptobox_MAX_SIGSKBYTES 64
+#define rspamd_cryptobox_MAX_SIGPKBYTES 32
+#define rspamd_cryptobox_MAX_SIGBYTES 64
 
 #define CPUID_AVX2 0x1
 #define CPUID_AVX 0x2
@@ -50,7 +53,7 @@ struct rspamd_cryptobox_segment {
 
 typedef guchar rspamd_pk_t[rspamd_cryptobox_MAX_PKBYTES];
 typedef guchar rspamd_sk_t[rspamd_cryptobox_MAX_SKBYTES];
-typedef guchar rspamd_sig_t[rspamd_cryptobox_MAX_MACBYTES];
+typedef guchar rspamd_mac_t[rspamd_cryptobox_MAX_MACBYTES];
 typedef guchar rspamd_nm_t[rspamd_cryptobox_MAX_NMBYTES];
 typedef guchar rspamd_nonce_t[rspamd_cryptobox_MAX_NONCEBYTES];
 typedef guchar rspamd_sipkey_t[rspamd_cryptobox_SIPKEYBYTES];
@@ -86,7 +89,7 @@ void rspamd_cryptobox_keypair (rspamd_pk_t pk, rspamd_sk_t sk);
  */
 void rspamd_cryptobox_encrypt_inplace (guchar *data, gsize len,
 		const rspamd_nonce_t nonce,
-		const rspamd_pk_t pk, const rspamd_sk_t sk, rspamd_sig_t sig);
+		const rspamd_pk_t pk, const rspamd_sk_t sk, rspamd_mac_t sig);
 
 /**
  * Encrypt segments of data inplace adding signature to sig afterwards
@@ -99,7 +102,7 @@ void rspamd_cryptobox_encrypt_inplace (guchar *data, gsize len,
 void rspamd_cryptobox_encryptv_inplace (struct rspamd_cryptobox_segment *segments,
 		gsize cnt,
 		const rspamd_nonce_t nonce,
-		const rspamd_pk_t pk, const rspamd_sk_t sk, rspamd_sig_t sig);
+		const rspamd_pk_t pk, const rspamd_sk_t sk, rspamd_mac_t sig);
 
 
 /**
@@ -113,7 +116,7 @@ void rspamd_cryptobox_encryptv_inplace (struct rspamd_cryptobox_segment *segment
  */
 gboolean rspamd_cryptobox_decrypt_inplace (guchar *data, gsize len,
 		const rspamd_nonce_t nonce,
-		const rspamd_pk_t pk, const rspamd_sk_t sk, const rspamd_sig_t sig);
+		const rspamd_pk_t pk, const rspamd_sk_t sk, const rspamd_mac_t sig);
 
 /**
  * Encrypt segments of data inplace adding signature to sig afterwards
@@ -125,7 +128,7 @@ gboolean rspamd_cryptobox_decrypt_inplace (guchar *data, gsize len,
  */
 void rspamd_cryptobox_encrypt_nm_inplace (guchar *data, gsize len,
 		const rspamd_nonce_t nonce,
-		const rspamd_nm_t nm, rspamd_sig_t sig);
+		const rspamd_nm_t nm, rspamd_mac_t sig);
 
 /**
  * Encrypt segments of data inplace adding signature to sig afterwards
@@ -138,7 +141,7 @@ void rspamd_cryptobox_encrypt_nm_inplace (guchar *data, gsize len,
 void rspamd_cryptobox_encryptv_nm_inplace (struct rspamd_cryptobox_segment *segments,
 		gsize cnt,
 		const rspamd_nonce_t nonce,
-		const rspamd_nm_t nm, rspamd_sig_t sig);
+		const rspamd_nm_t nm, rspamd_mac_t sig);
 
 
 /**
@@ -152,7 +155,7 @@ void rspamd_cryptobox_encryptv_nm_inplace (struct rspamd_cryptobox_segment *segm
  */
 gboolean rspamd_cryptobox_decrypt_nm_inplace (guchar *data, gsize len,
 		 const rspamd_nonce_t nonce,
-		 const rspamd_nm_t nm, const rspamd_sig_t sig);
+		 const rspamd_nm_t nm, const rspamd_mac_t sig);
 
 /**
  * Generate shared secret from local sk and remote pk
diff --git a/test/rspamd_cryptobox_test.c b/test/rspamd_cryptobox_test.c
index 97a21ec48..0ba4bbc93 100644
--- a/test/rspamd_cryptobox_test.c
+++ b/test/rspamd_cryptobox_test.c
@@ -56,7 +56,7 @@ create_mapping (int mapping_len, guchar **beg, guchar **end)
 
 static void
 check_result (const rspamd_nm_t key, const rspamd_nonce_t nonce,
-		const rspamd_sig_t mac, guchar *begin, guchar *end)
+		const rspamd_mac_t mac, guchar *begin, guchar *end)
 {
 	guint64 *t = (guint64 *)begin;
 
@@ -168,7 +168,7 @@ rspamd_cryptobox_test_func (void)
 	guchar *begin, *end;
 	rspamd_nm_t key;
 	rspamd_nonce_t nonce;
-	rspamd_sig_t mac;
+	rspamd_mac_t mac;
 	struct rspamd_cryptobox_segment *seg;
 	double t1, t2;
 	gint i, cnt, ms;
-- 
2.39.5